Patents by Inventor Jürgen Pulkus
Jürgen Pulkus has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11405190Abstract: A method for setting up a subscriber identity module for agreeing one or several exchange keys, between a subscriber identity module and a provisioning server includes generating one or several exchange keys from keys of the provisioning server and of the subscriber identity module on a production server and are transmitted into the subscriber identity module and stored, so that the subscriber identity module is put particularly into a state as though it had generated the exchange keys itself. In a method for agreeing one or several exchange keys, between a subscriber identity module and a provisioning server, the subscriber identity module sends its public key to the provisioning server, which subsequently generates the exchange keys.Type: GrantFiled: December 14, 2016Date of Patent: August 2, 2022Assignee: GIESECKE+DEVRIENT MOBILE SECURITY GMBHInventors: Gabriel Goller, Sven Bauer, Jürgen Pulkus, Lars Hoffmann
-
Patent number: 11386239Abstract: A method for the transition is provided from a Boolean masking of a value to be kept secret to an additive masking of the value to be kept secret. The value to be kept secret is present in the Boolean masking as a representation masked with a first Boolean mask and a second Boolean mask. A first additive mask and a second additive mask are determined for the value to be kept secret. A first masking transition is executed in which the first Boolean mask is converted into the first additive mask. A second masking transition is executed in which the obfuscation value is converted into an additive correction value, and a third masking transition is executed in which the second Boolean mask is converted into the second additive mask.Type: GrantFiled: February 28, 2018Date of Patent: July 12, 2022Assignee: GIESECKE+DEVRIENT MOBILE SECURITY GMBHInventors: Jürgen Pulkus, Lars Hoffmann
-
Patent number: 10805066Abstract: A processor device has an executable implementation of a cryptographic algorithm implemented thereon, which algorithm is adapted to produce an output text from an input text employing a secret key K. The implementation of the algorithm comprises a key-dependent computing step S which comprises a key combination of input values x derived directly or indirectly from the input text with key values SubK derived directly or indirectly from the key; the key-dependent computing step S is represented by a table which is masked with input masking and/or output masking to form a masked table TabSSubK; and a new masked table TabSKneu is generated in the processor device.Type: GrantFiled: December 7, 2016Date of Patent: October 13, 2020Assignee: GIESECKE + DEVRIENT MOBILE SECURITY GMBHInventors: Sven Bauer, Hermann Drexler, Jürgen Pulkus
-
Patent number: 10615962Abstract: A processor device has an executable implementation of the cryptographic algorithm DES implemented with an XOR linkage operation at the round exit and an implemented computation step S arranged to map expanded right input values r? as computation step entry values x=r? onto exit values s=S[x]. The computation step S is implemented as a key-dependent computation step further comprises a key linkage operation for linking input values of the round with key values of the round derived directly or indirectly from the key. The computation step S is implemented as a combined key-dependent computation step T which further comprises: a permutation operation P associated with the round, arranged to be applied to exit values s of the computation step S and to supply the exit values s of the computation step in permutated form to the XOR linkage operation at the round exit.Type: GrantFiled: October 28, 2016Date of Patent: April 7, 2020Assignee: GIESECKE+DEVRIENT MOBILE SECURITY GMBHInventors: Sven Bauer, Hermann Drexler, Jürgen Pulkus
-
Publication number: 20200034573Abstract: A method for the transition is provided from a Boolean masking of a value to be kept secret to an additive masking of the value to be kept secret. The value to be kept secret is present in the Boolean masking as a representation masked with a first Boolean mask and a second Boolean mask. A first additive mask and a second additive mask are determined for the value to be kept secret. A first masking transition is executed in which the first Boolean mask is converted into the first additive mask. A second masking transition is executed in which the obfuscation value is converted into an additive correction value, and a third masking transition is executed in which the second Boolean mask is converted into the second additive mask.Type: ApplicationFiled: February 28, 2018Publication date: January 30, 2020Inventors: Jürgen PULKUS, Lars HOFFMANN
-
Patent number: 10438513Abstract: The invention provides a processor device having an executable, white-box-masked implementation of a cryptographic algorithm implemented thereon. The white-box masking comprises an affine mapping A, which is so designed that every bit in the output values w of the affine mapping A depends on at least one bit of the obfuscation values y, thereby attaining that the output values w of the affine mapping A are statistically balanced.Type: GrantFiled: October 30, 2015Date of Patent: October 8, 2019Assignee: GIESECKE+DEVRIENT MOBILE SECURITY GMBHInventors: Hermann Drexler, Sven Bauer, Jürgen Pulkus
-
Patent number: 10403174Abstract: A processor device has an executable implementation of a cryptographic algorithm implemented thereon that is white-box-masked by a function f. The implementation comprises an implemented computation step S by which input values x are mapped to output values s=S[x], and which is masked to a white-box-masked computation step T? by means of an invertible function f. As a mapping f there is provided a combination (f=(c1, c2, . . . )*A) of an affine mapping A having an entry width BA and a number of one or several invertible mappings c1, c2, . . . having an entry width Bc1, Bc2, . . . respectively, wherein BA=Bc1+Bc2+ . . . . Output values w are generated altogether by the mapping f. The affine mapping A is constructed by a construction method coordinated with the invertible mappings c1, c2, and etc.Type: GrantFiled: October 30, 2015Date of Patent: September 3, 2019Assignee: GIESECKE+DEVRIENT MOBILE SECURITY GMBHInventors: Hermann Drexler, Sven Bauer, Jürgen Pulkus
-
Patent number: 10249220Abstract: A processor device has an executable implementation of a cryptographic algorithm implemented being white-box-masked by a function f. The implementation comprises an implemented computation step S by which input values x are mapped to output values s=S[x], and which is masked to a white-box-masked computation step T? by means of an invertible function f. As a mapping f there is provided a combination (f=(c1, c2, . . . )*A) of an affine mapping A having an entry width BA and a number of one or several invertible mappings c1, c2, . . . having an entry width Bc1, Bc2, . . . respectively, wherein BA=Bc1+Bc2+ . . . . Output values w are generated altogether by the mapping f. Multiplicities of sets Mxi, i=1, 2, . . . =Mx11, Mx12, . . . Mx21, Mx22, . . . are formed from the output values a of the affine mapping A.Type: GrantFiled: October 30, 2015Date of Patent: April 2, 2019Assignee: GIESECKE+DEVRIENT MOBILE SECURITY GMBHInventors: Hermann Drexler, Sven Bauer, Jürgen Pulkus
-
Publication number: 20180375649Abstract: A method for setting up a subscriber identity module for agreeing one or several exchange keys, between a subscriber identity module and a provisioning server includes generating one or several exchange keys from keys of the provisioning server and of the subscriber identity module on a production server and are transmitted into the subscriber identity module and stored, so that the subscriber identity module is put particularly into a state as though it had generated the exchange keys itself. In a method for agreeing one or several exchange keys, between a subscriber identity module and a provisioning server, the subscriber identity module sends its public key to the provisioning server, which subsequently generates the exchange keys.Type: ApplicationFiled: December 14, 2016Publication date: December 27, 2018Applicant: GIESECKE+DEVRIENT MOBILE SECURITY GMBHInventors: Gabriel GOLLER, Sven BAUER, Jürgen PULKUS, Lars HOFFMANN
-
Publication number: 20180367297Abstract: A processor device has an executable implementation of a cryptographic algorithm implemented thereon, which algorithm is adapted to produce an output text from an input text employing a secret key K. The implementation of the algorithm comprises a key-dependent computing step S which comprises a key combination of input values x derived directly or indirectly from the input text with key values SubK derived directly or indirectly from the key; the key-dependent computing step S is represented by a table which is masked with input masking and/or output masking to form a masked table TabSSubK; and a new masked table TabSKneu is generated in the processor device.Type: ApplicationFiled: December 7, 2016Publication date: December 20, 2018Applicant: GIESECKE+DEVRIENT MOBILE SECURITY GMBHInventors: Sven BAUER, Hermann DREXLER, Jürgen PULKUS
-
Publication number: 20180309568Abstract: A processor device has an executable implementation of the cryptographic algorithm DES implemented with an XOR linkage operation at the round exit and an implemented computation step S arranged to map expanded right input values r? as computation step entry values x=r? onto exit values s=S[x]. The computation step S is implemented as a key-dependent computation step further comprises a key linkage operation for linking input values of the round with key values of the round derived directly or indirectly from the key. The computation step S is implemented as a combined key-dependent computation step T which further comprises: a permutation operation P associated with the round, arranged to be applied to exit values s of the computation step S and to supply the exit values s of the computation step in permutated form to the XOR linkage operation at the round exit.Type: ApplicationFiled: October 28, 2016Publication date: October 25, 2018Inventors: Sven BAUER, Hermann DREXLER, Jürgen PULKUS
-
Publication number: 20170352298Abstract: A processor device has an executable implementation of a cryptographic algorithm implemented being white-box-masked by a function f. The implementation comprises an implemented computation step S by which input values x are mapped to output values s=S[x], and which is masked to a white-box-masked computation step T? by means of an invertible function f. As a mapping f there is provided a combination (f=(c1, c2, . . . )*A) of an affine mapping A having an entry width BA and a number of one or several invertible mappings c1, c2, . . . having an entry width Bc1, Bc2, . . . respectively, wherein BA=Bc1+Bc2+ . . . . Output values w are generated altogether by the mapping f. Multiplicities of sets Mxi, i=1, 2, . . . =Mx11, Mx12, . . . Mx21, Mx22, . . . are formed from the output values a of the affine mapping A.Type: ApplicationFiled: October 30, 2015Publication date: December 7, 2017Applicant: GIESECKE & DEVRIENT GMBHInventors: Hermann DREXLER, Sven BAUER, Jürgen PULKUS
-
Publication number: 20170324542Abstract: A processor device has an executable implementation of a cryptographic algorithm implemented thereon that is white-box-masked by a function f The implementation comprises an implemented computation step S by which input values x are mapped to output values s=S[x], and which is masked to a white-box-masked computation step T? by means of an invertible function f. As a mapping f there is provided a combination (f=(c1, c2, . . . )*A) of an affine mapping A having an entry width BA and a number of one or several invertible mappings c1, c2, . . . having an entry width Bc1, Bc2, . . . respectively, wherein BA=Bc1+Bc2+ . . . . Output values w are generated altogether by the mapping f. The affine mapping A is constructed by a construction method coordinated with the invertible mappings c1, c2, and etc.Type: ApplicationFiled: October 30, 2015Publication date: November 9, 2017Inventors: Hermann DREXLER, Sven BAUER, Jürgen PULKUS
-
Publication number: 20170324543Abstract: The invention provides a processor device having an executable, white-box-masked implementation of a cryptographic algorithm implemented thereon. The white-box masking comprises an affine mapping A, which is so designed that every bit in the output values w of the affine mapping A depends on at least one bit of the obfuscation values y, thereby attaining that the output values w of the affine mapping A are statistically balanced.Type: ApplicationFiled: October 30, 2015Publication date: November 9, 2017Inventors: Hermann DREXLER, Sven BAUER, Jürgen PULKUS
-
Patent number: 8290145Abstract: In a method for the transition from a first masked representation of a value to be kept secret to a second masked representation of the value, according to a first aspect of the invention at least one previously calculated table with a plurality of entries is used, and the calculation is carried out depending on at least one veiling parameter, in order to prevent the value to be kept secret from being spied out. According to a second aspect of the invention, at least one comparison table is used, which, for each table index, provides the result of a comparison between a value dependent on the table index and a value dependent on at least one masking value. A computer program product and a device have corresponding features. The invention provides a technique for protecting the transition between masked representations of a value from being spied out, wherein the masked representations are based on different masking rules.Type: GrantFiled: September 3, 2004Date of Patent: October 16, 2012Assignee: Giesecke & Devrient GmbHInventors: Olaf Neisse, Jürgen Pulkus